Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x
Top   in Index   Prev   Next

TR 33.741
Study on Home Network triggered Primary Authentication

3GPP‑Page  
V18.0.1 (Wzip)  2023/03  38 p.
Rapporteur:
Mr. Li, He
HUAWEI TECHNOLOGIES Co. Ltd.

full Table of Contents for  TR 33.741  Word version:  18.0.1

Here   Top
1 Scope2 References3 Definitions of terms, symbols and abbreviations4 Key issues5 Potential solutions6 ConclusionsA Use cases$ Change history

 

1  Scopep. 7

The present document studies the use cases which needs Home Network initiated primary authentication and the associated security threats and requirements. As part of this investigation, the study aims at identifying which network function in the HN is better suitable to trigger the primary authentication, corresponding procedures, the potential impacts on visited and home network, and the potential impacts on existing procedures. Moreover, solutions for potential normative work are also in the scope of this study.
Up

2  Referencesp. 7

3  Definitions of terms, symbols and abbreviationsp. 7

3.1  Termsp. 7

3.2  Symbolsp. 7

3.3  Abbreviationsp. 7

4  Key issuesp. 8

4.1  Key Issue #1: Ability of the home network to trigger primary authenticationp. 8

4.1.1  Key issue detailsp. 8

4.1.2  Security threatsp. 8

4.1.3  Potential requirementsp. 8

4.2  Key Issue #2: Signalling overload due to running the primary authentication for KAF refreshp. 8

4.2.1  Issue detailsp. 8

4.2.2  Security Threatsp. 9

4.2.3  Potential security requirementsp. 9

5  Potential solutionsp. 9

5.0  Mapping of solutions to key issuesp. 9

5.1  Solution #1: HN triggering primary authentication for various scenariosp. 9

5.1.1  Introductionp. 9

5.1.2  Solution detailsp. 10

5.1.2.1  Procedure for detection of SoR/UPU Counter wraparound in advance and perform re-authenticationp. 10

5.1.2.2  Re-authentication due to EPC to 5G mobilityp. 11

5.1.2.3  Re-authentication invoked by other AAnFp. 11

5.1.3  Solution Evaluationp. 12

5.2  Solution #2: UDM triggered primary authenticationp. 12

5.2.1  Introductionp. 12

5.2.2  Solution detailsp. 13

5.2.2.1  Procedurep. 13

5.2.2.2  Procedure used for each use casep. 13

5.2.2.3  Service provided by AMFp. 13

5.2.2.3.1  Generalp. 13
5.2.2.3.2  Namf_HN Authentication servicep. 13
5.2.2.3.2.1  Namf_HNAuthentication service operationp. 13

5.2.2.4  Service provided by UDMp. 14

5.2.2.4.1  Generalp. 14
5.2.2.4.2  Nudm_HN Authentication servicep. 14
5.2.2.4.2.1  Nudm_HNAuthentication service operationp. 14

5.2.3  Evaluationp. 14

5.3  Solution #3: Home network triggered authentication solution for LTE to 5G interworkingp. 14

5.3.1  Introductionp. 14

5.3.2  Solution detailsp. 14

5.3.3  Evaluationp. 15

5.4  Solution #4: UDM initiated primary authentication based on a NF requestp. 15

5.4.1  Introductionp. 15

5.4.2  Solution detailsp. 15

5.4.3  Evaluationp. 16

5.5  Solution #5: Using the UDM to start home triggered authenticationsp. 16

5.5.1  Introductionp. 16

5.5.2  Solution detailsp. 16

5.5.3  Evaluationp. 18

5.6  Solution #6: UDM initiated primary authentication based on AUSF requestp. 18

5.6.1  Introductionp. 18

5.6.2  Solution detailsp. 18

5.6.3  Evaluationp. 19

5.7  Solution #7: UDM initiated Primary Authenticationp. 19

5.7.1  Introductionp. 19

5.7.2  Solution detailsp. 20

5.7.3  Evaluationp. 21

5.8  Solution #8: Solution to enable UDM in the HN to trigger Primary Authenticationp. 21

5.8.1  Introductionp. 21

5.8.2  Solution detailsp. 21

5.8.3  Evaluationp. 25

5.9  Solution #9: AMF initiated primary authentication based on AUSF requestp. 25

5.9.1  Introductionp. 25

5.9.2  Solution detailsp. 26

5.9.2.1  EPC interworking use casep. 26

5.9.2.2  Namf_UEAuthentication_Authenticatep. 27

5.9.3.2.1  Namf_UEAuthentication_Authenticate service operationp. 27

5.9.3  Evaluationp. 28

5.10  Solution #10: UDM initiated primary authentication based on AAnF request for KAF refresh scenariop. 28

5.10.1  Introductionp. 28

5.10.2  Solution detailsp. 29

5.10.3  Evaluationp. 30

5.11  Solution #11: Home network triggered primary authentication controlled by the UDMp. 30

5.11.1  Introductionp. 30

5.11.2  Solution detailsp. 31

5.11.2.1  Generalp. 31

5.11.2.2  UDM triggered primary authentication during UE Registrationp. 31

5.11.2.3  UDM triggered primary authentication after UE Registrationp. 32

5.11.2.4  Applicability of the UDM triggered primary authentication procedures to the Use Cases.p. 34

5.11.2.4.1  Interworking use casep. 34
5.11.2.4.2  SoR/UPU wrap around use casep. 34
5.11.2.4.3  Home Network triggered primary authentication for KAF refreshp. 34

5.11.3  Evaluationp. 34

5.12  Solution #12: Delegated Home Network controlled primary authenticationp. 35

5.12.1  Introductionp. 35

5.12.2  Solution detailsp. 35

5.12.3  Evaluationp. 35

6  Conclusionsp. 36

A  Use casesp. 37

A.1  Use Case #1: Security of Interworkingp. 37

A.2  Use Case #2: SoR/UPU Counter Wrap aroundp. 37

A.3  Use Case #3: KAKMA refreshp. 37

$  Change historyp. 38

Up   Top